starter93 Posted March 24, 2011 Posted March 24, 2011 Hi guys. I got a problem with Metasploit console exploits/ and payloads. I'm testing Metasploit for my school study. Well. The problem is, when I'm trying for example to vncinject a "victim" by the IP-adresse. I get the following: Handler failed to bind to 00.00.00.00:4444 [*] Started reverse handler on 00.00.00.00:4444 [-] Exploit exception: The connection timed out (00.00.00.00:4444). [*] Exploit completed, but no session was created. Whats wrong ? Thanks :) Quote
555 Posted March 27, 2011 Posted March 27, 2011 humm.. think this should probuly be in the questions forum, i am new to metasploit also so could not tell you :( Quote
digip Posted March 27, 2011 Posted March 27, 2011 Were you able to successfully exploit the system in question? Because from the looks of it, you have no existing meterpreter session to interact with. Read up on http://www.offensive-security.com/metasploit-unleashed/Metasploit_Unleashed_Information_Security_Training Quote
Mr-Protocol Posted March 27, 2011 Posted March 27, 2011 Hi guys. I got a problem with Metasploit console exploits/ and payloads. I'm testing Metasploit for my school study. Well. The problem is, when I'm trying for example to vncinject a "victim" by the IP-adresse. I get the following: Handler failed to bind to 00.00.00.00:4444 [*] Started reverse handler on 00.00.00.00:4444 [-] Exploit exception: The connection timed out (00.00.00.00:4444). [*] Exploit completed, but no session was created. Whats wrong ? Thanks :) Something is already using port 4444 netstat -antp | grep 4444 Quote
Infiltrator Posted March 28, 2011 Posted March 28, 2011 I've ran into that problem as well, it never worked for me. I searched other forums for help and it was suggested that my target machine was fully patched or not vulnerable at all. What version of XP/Vista are you using? Quote
Mr-Protocol Posted March 28, 2011 Posted March 28, 2011 Doesnt matter if he sets lhost or not, if it says it cannot bind, means the port is already bound by something else. Needs to netstat to find out what. or pick a different port. Quote
digip Posted March 28, 2011 Posted March 28, 2011 The bind can go two ways though. If hes trying to bind the target machine to port 4444 and its not exploited and already able to make a session, trying to connect to it will time out. If hes trying to make the target call back to him, and the bind fails, then something locally is already in use or the targets firewall blocks outgoing traffic to port 4444. When I see 0.0.0.0 though, I'm thinking he is doing it locally, but he may have to actually specify the correct IP address, instead of trying to broadcast to 0.0.0.0 if the target is on a different network. Quote
Mr-Protocol Posted March 28, 2011 Posted March 28, 2011 The ip of 0.0.0.0 means to accept any interface, from the error he has shown up there "Handler failed to bind to 0.0.0.0:4444" means something is already bound to listen on that port. I've run into this before. He has to netstat and find out what is running on that port. Quote
Mr-Protocol Posted March 30, 2011 Posted March 30, 2011 machines patched ;) look for another way Huh? No really, if he is using the reverse handler and it cannot bind, a program is already using that port.. it's not that hard lol. Quote
Infiltrator Posted March 30, 2011 Posted March 30, 2011 Hi guys. I got a problem with Metasploit console exploits/ and payloads. I'm testing Metasploit for my school study. Well. The problem is, when I'm trying for example to vncinject a "victim" by the IP-adresse. I get the following: Handler failed to bind to 00.00.00.00:4444 [*] Started reverse handler on 00.00.00.00:4444 [-] Exploit exception: The connection timed out (00.00.00.00:4444). [*] Exploit completed, but no session was created. Whats wrong ? Thanks :) Head over to your Windows Box, and bring up the command prompt and type netstat -na That should display a list of processes or services that are using port 4444. If that's the case, you will need to use a different port other than 4444 That should work. Quote
digip Posted March 30, 2011 Posted March 30, 2011 starter93 needs to tell us his network setup, whether its two virtual machines on the same network, two physical machines on the same network, different networks/subnets, across the internet with NAT/port forwarding issues, etc. It might even be he specified the wrong IP of the machine hes trying to attack. Hes not replied to anything in this thread, so its all speculation as to the problem until we can get some more info. Quote
Infiltrator Posted March 30, 2011 Posted March 30, 2011 (edited) Very true, he could even be a bot. But his post looks very authentic. So lets wait and see. Edited March 30, 2011 by Infiltrator Quote
Trip Posted March 30, 2011 Posted March 30, 2011 Huh? No really, if he is using the reverse handler and it cannot bind, a program is already using that port.. it's not that hard lol. ... i have xp sp2 and sp3 on my vm and on sp3 i get the same message ... on sp2 it works a charm im guessing its been patched ... does the target machine return an error message ? Quote
Infiltrator Posted March 30, 2011 Posted March 30, 2011 ... i have xp sp2 and sp3 on my vm and on sp3 i get the same message ... on sp2 it works a charm im guessing its been patched ... does the target machine return an error message ? I don't think the target machine will, only Backtrack will return an error. For the victim the attack will appear transparent, unless they are running some tools that can detect the attack. Quote
Trip Posted March 31, 2011 Posted March 31, 2011 i sometimes get 'OPERATION_NOT_VALID' but anyway i doubt that dudes coming back its been a while since he posted .... wrong forum imo Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.